You probably found out that since MaxBulk Mailer 8.7, the ‘Preview’ panel no longer displays pictures referenced by addresses starting with ‘http://’ like before. You may wonder why MaxBulk Mailer now only supports ‘https://’ links?
Apple Security requirements
It turns out that Apple announced a new security requirement for iOS and OS X apps: App Transport Security.
From Appleās docs:
Starting in iOS 9.0 and OS X v10.11, a new security feature called App Transport Security (ATS) is available to apps and is enabled by default. It improves the privacy and data integrity of connections between an app and web services by enforcing additional security requirements for HTTP-based networking requests. Specifically, with ATS enabled, HTTP connections must use HTTPS (RFC 2818). Attempts to connect using insecure HTTP fail. Furthermore, HTTPS requests must use best practices for secure communications.
MaxBulk Mailer now only supports https links
Starting with MaxBulk Mailer 8.7, this change matters to you because MaxBulk Mailer is now using the updated Apple libraries that have this requirement. Simply stated, it means that your URLs have to be secure (https), MaxBulk Mailer now only supports https links!
As a result, any content referred with a URL starting with ‘http://’ will not get displayed in the Preview panel, only the addresses starting with ‘https://’ will be fetched.
What is https and what it has to do with emails
Actually, ‘https’ is like ‘http’ but the former uses a secure SSL connection. It means that with ‘https’, communications between the web server and your browser are encrypted with an SSL certificate. The communication would be plain text otherwise.
The importance of security
It is clear that nowadays it is important to use secure https links everywhere. There is a clear tendency toward security at all levels. Such links offer confidence and above all, they can be accessed without security warnings. Well, you will be fine as long as the https site from where you are pulling your pictures from uses at least TLSv1.2 with a valid and up-to-date SSL certificate. If you don’t know what all that means just contact your server administrator.